summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCasey Schaufler <casey@schaufler-ca.com>2016-11-08 06:01:09 +0300
committerCasey Schaufler <casey@schaufler-ca.com>2016-11-10 22:22:18 +0300
commit2e4939f7026f938a1dc81533d020801198562804 (patch)
tree6e0e1eeedba030ba7278edac2f4fe254f73223f8
parentb437aba85b5c4689543409d8407c016749231aae (diff)
downloadlinux-2e4939f7026f938a1dc81533d020801198562804.tar.xz
Smack: ipv6 label match fix
The check for a deleted entry in the list of IPv6 host addresses was being performed in the wrong place, leading to most peculiar results in some cases. This puts the check into the right place. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
-rw-r--r--security/smack/smack_lsm.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index f7ee77c3db55..b2c839f735c0 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2444,17 +2444,17 @@ static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
/*
+ * If the label is NULL the entry has
+ * been renounced. Ignore it.
+ */
+ if (snp->smk_label == NULL)
+ continue;
+ /*
* we break after finding the first match because
* the list is sorted from longest to shortest mask
* so we have found the most specific match
*/
for (found = 1, i = 0; i < 8; i++) {
- /*
- * If the label is NULL the entry has
- * been renounced. Ignore it.
- */
- if (snp->smk_label == NULL)
- continue;
if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
snp->smk_host.s6_addr16[i]) {
found = 0;